Select Page

Database Monitoring: Why Bother?

John Kaufling | | October 22, 2013

database-monitoringDatabase monitoring seems among the lackluster routine tasks for database administrators. Why bother, when there are Big Data projects to be created and cloud computing to explore? Why should you monitor database activity?

Adrian Lane, a security analyst writing on Dark Reading, notes:

“This is why! Hackers stole $45 million from ATMs — a theft made possible by breaching several bank databases and make simple alterations that allowed thieves to siphon [off] cash.”

Because that attack was carried out in waves, “[T]he easiest point of detection should have been through the database;” he says, “one of the types of attacks that database activity monitoring systems were designed for.”

Database security is critical in preventing these sorts of events, but monitoring is a critical line of defense for enterprise networks.

Database monitoring helps by tracking users with specific privileges in the system as well as sounding the alarm when any odd changes to data are noticed, some of which may be the hallmarks of either an intrusion or internal theft.

Most data is stolen when the data is simply residing in the database, the 2013 Verizon Data Breach Report found:

“Not one breach in this sample happened to data that was ‘in transit’. In fact, two-thirds of breaches involved data ‘at rest’ (in databases and on file servers), and the rest was being processed when compromised.”

The Data Breach Investigations report, produced annually since 2008, analyzed approximately 47,000 different security incidents. Database administrators have any number of tools available to them. Database monitoring systems have been available for more than 10 years.

TechTarget explains:

“Database activity monitoring can be accomplished through a combination of several methods, including network sniffing, reading of database audit logs and/or system tables and memory scraping. Regardless of the methodology chosen, the data must be correlated in order to detect and get a more accurate picture of what’s going on within the database. Vendor DAM tools can help simplify that correlation and provide the administrator with the ability to detect attacks as well as provide forensic evidence in the case of an actual data breach.”

Auditing tools simply allow a database administrator to see the data that has been changed. Database activity monitoring goes farther, allowing compliance controls, for example, to be enacted. A user can look across platforms to see how data is being accessed and to see who is accessing it. It can also be used for operations monitoring as well as for tasks such as assessing compliance with government regulations.

In other words, database activity monitoring is an essential task to which database administrators must devote their time and resources. What are your thoughts? Let us know, we’d love to hear from you.

Image by U.S. News/Money.

12c Upgrade Bug with SQL Tuning Advisor

This blog post outlines steps to take on Oracle upgrade 11.2 to 12.1 if you’re having performance problems. Oracle offers a patch and work around to BUG 20540751.

Megan Elphingstone | March 22, 2017

Oracle EPM Cloud Vs. On-Premises: What’s the Difference?

EPM applications help measure the business performance. This post will help you choose the best EPM solutions for your organization’s needs and objectives.

Bobby Ellis | April 10, 2018

Scripting Out the Logins, Server Role Assignments, and Server Permissions

Imagine there are over one hundred logins in the source server and you need to migrate them all over to the destination server. Wouldn’t it be awesome if we could automate the process by generating the scripts for the required tasks?

JP Chen | October 1, 2015

Work with Us

Let’s have a conversation about what you need to succeed and how we can help get you there.

CONTACT US

Work for Us

Where do you want to take your career? Explore exciting opportunities to join our team.

EXPLORE JOBS